WPA2 Security Vulnerability Warning

WPA2, the security protocol used to protect the vast majority of Wi-Fi connections, has been broken by Belgian researchers, highlighting the potential for millions of devices to be exposed to malicious attacks. While there are no known instances of active exploitation using this technique yet, a series of warnings was released yesterday, October 16, alerting anyone using Wi-Fi devices to take precautions.

The newly discovered weaknesses are being called Key Reinstallation Attacks (also known as KRACK). These attack techniques can be used to eavesdrop on information that was previously assumed to be protected, exposing sensitive data such as credit card numbers, passwords, chat messages, emails, and photos to cybercriminals. In some circumstances, it is also possible for the attacker to control the flow of traffic from client machines. This could be leveraged to inject malicious software into client/server communications, allowing the attacker to compromise the client machine.

Researchers are still examining the vulnerability. In the meantime, here are some steps you should take to help safeguard your organization.

Preventing a KRACK Attack in Your Business

There are two sides to this equation: the infrastructure side, which is composed of networking equipment such as wireless access points and wireless routers, and the client side, meaning laptops, phones, tablets and the like.

For the infrastructure components, many manufacturers have already released firmware updates that correct this weakness. Check your vendor’s website to see if updates are available for your equipment.

For Windows client machines, an update has already been released via Windows Update. Apple currently has patches in beta testing and will be releasing those updates shortly. For additional client devices, such as phones and tablets, consult the manufacturer’s website for additional information.

Additional Resources

The potential ramifications of KRACK are still under active investigation with more details to come. In the meantime, here are some additional resources that explain what we know so far:

Cisco has posted a bulletin detailing the vulnerabilities discovered and affected products